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CLAIMS 



We claim: 



1 . An apparatus for key management comprising: 

(a) a multitude of key registers, said multitude of key registers having a hierarchy 
with levels; 

(b) a multitude of type fields, wherein each type field is associated with a key 
register; 

(c) a key management controller, said key management controller having a 
multitude of modes; 

(d) at least one initialization vector; 

(e) key management algorithms; and 

(f) key management functions; 

wherein said mode is determined by the hierarchical level of the key register, and the 
key management algorithm used is determined by the key management function being 
used and said mode. 

2. The apparatus according to claim 1 wherein said multitude of modes includes a CBC 
mode. 



3. The apparatus according to claim 2 wherein said multitude of modes further includes a 
CBC mode. 



4. The apparatus according to claim 2 wherein said multitude of modes further includes 
an ECB mode. 
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The apparatus according to claim 4 wherein said ECB mode uses a deterministic non- 
identity function. 



The apparatus according to claim 4 wherein said ECB mode uses swapped key blocks. 



The apparatus according to claim 3 wherein said CBC mode uses a firmware specified 
initialization vector. 



The apparatus according to claim 2 wherein said CBC mode uses an initialization 
vector to wrap level i red key bits, said initialization vector determined by level i. 



The apparatus according to claim 2 wherein said CBC mode uses an initialization 
vector to unwrap black bits to level j, said initialization vector determined by level j. 



The apparatus according to claim 4 wherein at level 0 said mode is ECB mode and 
said multitude of functions include: 

(a) an encode function; and 

(b) a decode function. 

The apparatus according to claim 4 wherein at level 1 said multitude of functions 
includes: 

(a) an unwrap black bits to level 0 function, wherein said mode is a CBC mode 
with a firmware specified initialization vector; and 

(b) an encode data function, wherein said mode is an ECB mode using a swapped 
key blocks. 
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The apparatus according to claim 4 wherein at level 2 said multitude of functions 
includes: 

(a) a wrap level i red key bits, wherein said mode is a CBC mode with an 
initialization vector determined by the level i; 

(b) an export black bits function; 

(c) an unwrap black bits to level j as determined by firmware, wherein said mode 
is CBC mode with an initialization vector determined by the level j; and 

(d) an import red key bits as level 0 function. 

A method for generating an encoded value having a first encoded value part and a 
second encoded value part from an unencoded value having a first unencoded value 
part and a second unencoded value part, comprising the steps of: 

(a) obtaining an initialization vector; 

(b) generating the first encoded value part by: 

(i) generating a first result by encrypting the first unencoded value part; 

(ii) generating a second result by performing an exclusive or operation on 
the first result and the second unencoded value part; 

(iii) generating a third result by performing an exclusive or operation on the 
second result and the initialization vector; 

(iv) generating a fourth result by encrypting the third result; 

(v) generating a fifth result by performing an exclusive or operation on the 
fourth result and the first unencoded value part; and 

(vi) encrypting the fifth result; and 

(c) generating the second encoded value part by encrypting the second result. 
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1 14. A method according to claim 13, wherein said step of obtaining an initialization vector 

2 further includes the steps of: 

3 (a) determining a hierarchical level for the encoded value; and 

4 (b) obtaining the initialization vector determined by the hierarchical level. 

1 15. A method for generating an unencoded value having a first unencoded value part and a 

2 second unencoded value part from an encoded value having a first encoded value part 

3 and a second encoded value part, comprising the steps of: 

4 (a) obtaining an initialization vector; 

5 (b) generating the first unencoded value part by: 

6 (i) generating a first result by decrypting the second encoded value part; 

7 (ii) generating a second result by performing an exclusive or operation on 

8 the first result and the initialization vector; 

9 (iii) generating a third result by encrypting the second result; 

1 0 (iv) generating a fourth result by decrypting the second encoded value part; 

11 and 

12 (v) performing an exclusive or operation on the third result and the fourth 

13 result; 

14 (c) generating the second unencoded value part by: 

1 5 (i) generating a fifth result by encrypting the first unencoded value part; 

16 and 

1 7 (ii) generating a sixth result by decrypting the second encoded value part; 

18 and 

19 (d) performing an exclusive or operation on the fifth result and the sixth result. 
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* 



1 16. A method according to claim 1 5, wherein said step of obtaining an initialization vector 

2 further includes the steps of: 

3 (a) determining a hierarchical level for the encoded value; and 

4 (b) obtaining the initialization vector determined by the hierarchical level. 
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